Sophos Home Premium Review 2023

Sophos Home Premium is the paid version of Sophos Home Free. Is there are a difference? Read on.

Sophos Home Premium has come out with a new security suite.

And the new security suite brings with it a ton of protection features.

Sophos Premium is filled with features that most consumers will find very powerful.

The reason for that is:

Most of Sophos security features have been forged in Sophos Enterprise-level security products.

That’s why Sophos Premium comes with advanced security features such as,

  • Exploit mitigation
  • Blocking
  • Keylogger
  • Ransomware protection

It has lots of other features which we will discuss in the remainder of this Sophos Home Premium review.


  • Offers good protection against exploits, keyloggers, and ransomware
  • More than satisfactory malicious URL block score
  • Fantastic score on various antiphishing tests
  • Allows users to remotely manage a total of 10 Macs or PCs
  • Fairly cheap


  • Webcam protection is limited.
  • Parental control features are also limited
  • Users will require technical expertise in order to handle some of the advanced features
  • Independent lab results are rather old

Sophos Home Premium Full And Comprehensive Review

Our research has shown that whenever a given antivirus company tries to boost all of its products meant for the consumer market with security features that the company has honed via its Enterprise environment, some interesting things can rise.

That’s why apart from the expected (and also probably respected) great protection against most types of malware, we see that the all new and improved Sophos Home Premium also boasts features such as,

  • Keystroke encryption
  • Exploit prevention
  • Ransomware protection

There is plenty more.

So you need to stick around for a bit.

As you can probably tell, all of these are high-end security features.

Managing these features could take a user to learn some technical terms.

In other words, users may require a certain degree of technical knowledge and expertise before they try and configure Sophos Home Premium advanced security features according to their own need.

Of course, this really isn’t a problem with anyone who has the required know-how.

There is always the possibility of someone taking care of these security features for other less informed users.

Sophos also provides users with a free edition.

What Is The Difference Between The Free Edition And The Premium Edition?

The free edition does not have some of the most advanced Sophos Home Premium features.

With that said, we would like to mention here that Sophos Home Premium itself isn’t all that expensive.

So you should spend a bit of time comparing both the free and the paid editions to make the right choice.

Sophos Home Premium will cost you around $50 per year.

For that amount, the company will allow you to install its product on a total of 10 machines.

The operating system of your machine will not matter.

Users are free to use up their allocated limit of 10 for any machines including Mac and PC.

Doing a bit of rudimentary math, it is easy to calculate that on a per-device basis Sophos Home Premium only costs users around $5.

Other premium antivirus products such as Webroot, Kaspersky, and Bitdefender all cost $39.99 per year.

Moreover, they don’t allow users to install their services on 10 devices.

In fact, all three of the above-mentioned antivirus security products only allow users to install their protection on just one device.

THere is also Norton.

To protect a single machine with Norton security, the user has to shell out around $49.99 every year.

That’s a lot.

And then there is McAfee AntiVirus Plus.

It is expensive.

At least on the outside.

What we mean to say is that McAfee costs users around $59.99 per year.

That is more than what the likes of Bitdefender and Webroot ask from their potential customers.

But get this.

McAfee allows users to install its protection on an unlimited number of devices.


With just $59.99, users are free to install McAfee AntiVirus Plus on all their devices that are running,

  • iOS
  • Android
  • macOS
  • Windows

User Interface


Users interact with Sophos Home Premium via an online dashboard system.

That is a bit different from a business setting.

We will give you that.

Corporations have whole IT security teams that take good care of antivirus protection management.

Of course, a good IT team in no way means that problems won’t arise.

But it does mean that the IT team will do its best to not leave anything significant to the company’s mostly hapless employees.

The IT teams need a good remote management software in order to make sure everyone on the network is safe.

And that remote management software, in the case of Sophos, carries over directly into the company’s consumer-facing security product, Sophos Home Premium.

Users who install the program will first see a panel.

This panel will show their security status.

The panel will also come with a button.

Users can press that button to launch a system scan.

Sophos’ Dashboard also has another button.

This other button helps users to pen up the product’s online management dashboard.

Users who live in a situation where all of their family members come to them whenever there is a problem (i.e, for tech support) for the simple reason that they don’t really understand what is going on with the security of their device, will appreciate Sophos Home Premium a lot.

In fact, we think they should consider Sophos as a godsend.


Because all that the tech-savvy user has to do is install Sophos Home Premium on all the devices that need protection.

After the installation process finishes, the user has the facility to manage each and everything without ever feeling the need to take his/her car out and drive over Aunt Agatha’s house.

So how do you install Sophos Home Premium on a given device?

There are many ways to do it.

But the easiest method is to simply install the Sophos security product via the online dashboard.

For a user to take advantage of this method, he/she will first have to log in to the company’s online dashboard system.

After logging in, the user should click the option that says Add Device.

When that’s done, the user should have no problems in seeing a link.

This link would allow the user to install Sophos Home Premium on other computers.

The user is free to send the link to different computers if he/she wants the users of those other computers to install this security product application on their own.

There is also a button for users to press and install Sophos Home Premium on the current computer system.

Sophos Home Premium installation process links to the user’s account automatically.

In other words, all that the user has to do is to run the antivirus security product.

The online dashboard also comes with a main page (as expected).

This page does a decent job of displaying a list of all the devices that the user is protecting at any given moment in time.

Moreover, the main page also shows the user the number of websites and threats it has blocked on any given device.

Along with that, the Sophos Home Premium main page shows the last time the user updated his/her device.

Users are free to click any given device from the list and the main page will bring up another page.

This other page will have five headings.

These heading are as follows,

  • Web Filtering
  • Status
  • Protection
  • Privacy
  • History

Let’s explain each of these terms one by one.

First up, is the History tab.

What does it do?

As the name would suggest, this tab basically keeps a log of all user activity on a given device.

Then there is the Web Filtering feature with actually refers to the Sophos Home Premium parental control component which comes in the form of a content filter.

There is also the Privacy tab.

This is the tab that users should access if they want Sophos Home PRemium to protect their webcams as well.

We will dig into most of these features a bit later in this review.

The next heading is the Status heading.

Sophos Status page shows a total of five panels.

These five panels are,

  • Web Protection
  • Ransomware Protection
  • Privacy Protection
  • Malicious Traffic Detection
  • Antivirus Protection

This is an appropriate time to mention that users who have subscribed to the free edition of Sophos security product will also see these options.

But that’s the thing.

They are only visible.

And Sophos makes sure that free users are unable to use the company’s premium-only features.

If the user tries to use premium-only features while on a free edition of Sophos software then the feature simply will not work.

Some antivirus products allow users to click on premium-only options and then free users do so, the software takes them to the sign-up page of the premium service.

A good technique that can raise revenue.

But for some reason, Sophos free edition doesn’t do so.

In any case, users are free to click the Configure link that is available on all the panels that are present on the Status page.

If the user clicks the COnfigure link, then the application will take the user to Sophos PRotection page.

Moreover, it will also select the proper sub-page for the user.

Let’s discuss the sub-pages.

The Protection page comes with sub-pages such as,

  • Web
  • Ransomware
  • General
  • Exploits

We will, again, talk more about these sub-pages and more a little later in the review where we will talk about all the protective features that Sophos Home Premium has to offer.

What Are Some Of The Features That Are Common Between The Premium And The Free Feature?


Naturally, Sophos HOme Free edition shows each and every feature of Sophos Home Premium edition.

Let’s summarize some of those features in this review.

If you want to take a deeper dive into the free edition of Sophos security then read our Sophos Home Free review by clicking here.

Our research shows Sophos has managed to score some pretty good marks in previous rounds of security tests.

By that, we mean that Sophos Home Premium has managed to satisfy the four independent antivirus product testing labs that Security Gladiators likes to follow.

As mentioned before, Sophos also offers business products.

One of its business-facing security product is Sophos Endpoint PRotection.

This particular business security product managed to score a total of 16.5 out of 18 points in the various tests that the AV-Test Institute carried out recently.

With that said, it is rather strange to see that Sophos Home Premium does not make any appearances in the independent testing labs’ current security reports.

In other words, the four independent testing labs that we follow did not evaluate Sophos Home Premium for some reason.

This is probably through no fault of their own.

A given antivirus product actually has to participate on its own will.

Sophos representatives will tell you that the company has plans to participate in all related security tests as early as this year.

Elite antivirus products such as ESET along with KASPERSKY and Bitdefender Antivirus Plus are just a few of the antivirus products, or rather companies, that participate in various independent antivirus testing labs tests.

Especially the four that we like to follow here on Security Gladiators.

Some reviewers like to use an algorithm for score aggregation.

And that can provide some benefits as far as evaluating different antivirus products is concerned.

The algorithm isn’t even near to the complexity level of algorithms that the likes of Google and/or Amazon are using in their machine learning projects.

To put it another way, don’t panic while reading the word algorithm.

It is just a simple scale that maps all the test results of a given antivirus product onto a single and straightforward 10 point scale.

Our research shows that on such a given scale, antivirus products such as Kaspersky have managed to score a perfect 10.

While other good antivirus products such as ESET, Bitdefender along with a few others have managed to score 9.0 out of 10.0 on a consistent basis.

The problem with evaluating Sophos Home Premium is that it gives you no lab results.

So you can’t rely on independent labs when reviewing Sophos Home Premium.

But there are other hands-on tests that one can apply to a given security product under review.

These hands-on tests are usually not that important when you have independent lab test results available.

But without those test results, the only way to properly gauge a security product is via these hands-on tests.

We have already mentioned in our other review that Sophos Home Free actually failed to impress us in various standard malware protection tests.

Sophos Home free edition managed to detect a total of 90 percent of the malware samples that we threw at it.

It also managed to score around 8.5 out of 10 points.

This is the same score that antivirus products such as Trend Micro have also scored.

But get this:

Sophos Home Free edition barely managed to do better than the default security product that comes with Windows: Windows Defender.

Okay, so that’s enough about the free edition.

What about the premium edition?

How well or worse did Sophos Home Premium score?

Our research tells us that Sophos Home Premium is significantly better than Sophos Home Free.

How do we know that?

Well, for a start, it managed to score a 92 percent malware detection rate.

It also earned above 9.0 out of 10 possible aggregate points.

When Webroot and Norton went under the stress test with the same malware sample set, both managed to earn a perfect score of 10.

Reviewers usually have to make sure that any antivirus product that they are testing has the ability to protect users against all the latest and the greatest malware.

One of the best ways to do that is by trying hard to download about a hundred of malware samples that researchers have discovered only recently.

Reviewers then try to give equal credit to a given antivirus product when it steers the web browser away from a given malware-ridden URL and, of course, for removing the malware-ridden download either after or during the downloading phase.

Our research shows that Sophos Home Premium can block up to 93 percent of all malware samples.

It basically prevents malware sample infection by denying all access to the user’s computer machine when it tries to connect to a URL that is hosting malware.

As far as the overall score is concerned (at least in this department) Sophos Home Premium scores just about as well as Sophos Home Free.

But that is only true as far as the first test is concerned.

Our research shows that if the user tries to test Sophos Home Premium later with another test, it would indeed block additional (but only a handful) of more malicious URLs that have the ability to reach the download phase if the user is using Sophos Home Free edition.

So what’s going on here?

Sophos representatives will tell you that maybe earlier malicious URLs tests managed to tip the scales a little bit and hence got some of the fresh malicious URLs blacklisted.

To be honest, that does make a bit of sense.

If someone is trying to compare both Sophos versions then it is a good idea to test both out (simultaneously) for protection against phishing.

Our research shows that the free edition performed almost as well as the premium edition.

In other words, as far as phishing protection goes, the Sophos Home Free edition is identical to Sophos Home Premium.

As far as numbers are concerned, both managed to score a detection rate that reaches just 2 percent points below that of Norton, the king of protection against phishing.

We know very few antivirus products that can score that kind of detection rate when compared with Norton.

The only two products that have consistently beaten Norton at phishing protection are Bitdefender and Trend Micro Antivirus.

Sophos Home Premium also comes with a parental control feature.

Or let’s just say a nod to features related to parental control.

To put it in simpler words, the parental control component of Sophos Home Premium is just a straightforward basic content filter.

Using the content filter, parents have the opportunity to configure the content filter in order to block any kind of access to a total of 28 categories of different content.

The basic Sophos content filter also takes care of older children.

In the case of an older child, Sophos has the ability to only show a simple warning message.

After that it allows the child to have unrestricted access to the given site which may be inappropriate.

With that said, users should know that the Sophos HOme Premium content filter only works with mainstream browsers such as,

  • Google Chrome
  • Opera
  • Internet Explorer
  • Mozilla Firefox
  • Microsoft Edge

Do you know what this means?

This means that the child can use his/her brain and simply install a less common web browser.

That will effectively kill any type of content filtering on part of Sophos Home Premium.

The other thing users need to know is that since Sophos Home Premium does not have the ability to filter any HTTPS traffic, the child has all the opportunity in the world to evade all Sophos content filtering protection by making use of a secure (and maybe even free) anonymizing proxy service.

Enhancements That Come With Sophos Premium Protection


As alluded to before, Sophos Home Premium automatically launches a full system scan on the user’s machine after the user installs the software application.

How long does it take to finish the initial scan?

Our research tells us that Sophos Home Premium takes around 10 minutes to complete the first system scan.

That is a bit surprising.


Because our research shows that Sophos Home Free actually took around 45 minutes to finish the first scan.

After finishing the initial scan, Sophos Home Premium automatically launches the Sophos Home Clean.

This module is only available to premium subscribers.

Sophos Home Premium’s system scan bettered the free edition’s scan by discovering many other kinds of tracking cookies.

What are tracking cookies?

This is not the place for a full discussion on what a tracking cookie is.

For now, it should suffice to know that these are things that advertising companies use in order to track users and their activity in the online world.

Users have the option of clicking the option to quarantine all found malware.

Sophos can also delete the found cookies.

Before actually doing so first, it creates a full system restore point.

This is good thinking on part of Sophos because you never know what might go wrong while trying to clean a system that is infected with malware and cookies.

Our research shows that Sophos lets the user know when it likes to reboot the machine in order to delete some of the malware samples.

Most of the time, it will mark such samples.

In such a case, we recommend that users should do as Sophos tells them to.

When the user has rebooted the machine, Sophos gets to work and notifies the user that the program managed to neutralize PUAs.

It does so by displaying the number of PUAs it removed from the system.

On a side note, PUAs stands for Potentially Unwanted Applications.

Users also have the option of not allow Sophos to delete all PUAs on its own.

They can just click each given PUA item and then clean it individually.

Of course, it is much easier for users to just go ahead and click the Clean All button which is available via the online console system.

This Clean All feature is, fortunately, available in the free edition as well.

Our overall impression of Sophos Home Premium is that this is a security product that goes beyond basic protection against malware and in fact, offers some serious enhancements over its free edition.

What About Ransomware Protection?

Sophos Home Premium has a powerful ransomware feature.

Before going to the performance part, first, readers should know that this is where the premium version of Sophos Home really shines.

It includes a full boatload of security features that users don’t have any access to in the free edition of Sophos.

Among these extra security features is ransomware protection.

Our research has shown that in the majority of the cases, any given security product’s primary antivirus component should have enough about it to eliminate most ransomware.

But there is always a chance that a new and unknown strain of a ransomware comes along and hits the user’s machine.

In that case, the antivirus engine can’t do anything as it mostly relies on a database.

This is where the new behavior-based technology for ransomware protection comes into play.

Users should not have a problem in verifying that Sophos Home Premium’s real-time ransomware protection works.

It will easily detect and then eliminate all dangerous ransomware samples.

For further proof, what some reviewers do is they roll back the test system (which is actually a virtual machine) back to its original state (prior to the scan) and then turn off the security product’s real-time protection.

Our research shows that if one does that to Sophos Home Premium and launches several different ransomware samples, Sophos Home Premium’s detection system has the ability to catch almost all of them.

We say “almost all of them” instead of “all of them” because our research shows that once in a while it can let one slip through the cracks.

In any case, such a detection and removal rate is by no means bad.

We know of more than one ransomware protection tools that regularly miss one (and sometimes more) ransomware samples.

The best ransomware-exclusive protection is ZoneAlarm Anti-Ransomware.

It removes ransomware samples 100 percent of the time.

For any antivirus product’s or ransomware protection product’s behavior-based system to actually detect a given ransomware sample, it must have the ability to observe some behavior patterns via only the process.

What does that mean in layman terms?

It means that there are occasions when a given ransomware sample successfully encrypts multiple user files before the ransomware protection product kicks in and stops it.

Our research shows that sometimes Sophos Home Premium can “allow” a ransomware product to encrypt a file or two before it comes around to whack it.

But that isn’t something unique to Sophos.

Our research also tells us that users should expect the same thing to happen with other ransomware protection products such as Malwarebytes Anti-Ransomware Beta.

WebRoot SecureAnywhere AntiVirus has a tremendous behavior-centric ransomware detection system.

It implements an unusual way to prevent the dreaded lost file problem.


At any given point, if Webroot SecureAnywhere sees a strange or an unknown application and/or program, it begins the process of journaling each and every activity that application or program engages in.

Then it sends the program’s behavior data that it has collected to the company’s central cloud.

After that, it is the duty of that central cloud to perform another analysis on the sample.

If Sophos cloud analysis comes back with the result where it has determined that the application or the program is indeed a malicious one then Webroot quickly move in to strike and kill it.

After that, it makes use of the journal in order to basically undo all of the application’s prior actions.

And if the malicious program had encrypted some files before Webroot got to it then it will reverse that action as well.

With that said, it is also true that Webroot gives out a warning to the user at the start that a massive ransomware or encryption attack could have the potential of overrunning the installed capacity of the Webroot journaling system.

Now, here at Security Gladiators, we have reviewed many top antivirus products.

And while reviewing them we have come across many types of malware and ransomware.

Our testing research shows that now ransomware has become smart enough to launch itself right at system startup just before the operating system has initiated the antivirus product in order to slip past it.

This action is so effective that even respected ransomware protection products such as Cybereason RansomFree and Malwarebytes fell to this test.

Fortunately, Sophos Home Premium managed to pass this test.

What we mean to say is that it had no trouble in catching the ransomware that launched itself at system startup.

Encrypting ransomware samples typically try to lock the user out of his/her files.

That’s a given.

What most readers do not know is that these encrypting ransomware samples leave the computer machine alone and available for the user to operate on.

Why do they do that?

Because hackers behind those ransomware attacks need to make easy for users to pay their ransom demand.

In fact, there are many examples that come to mind just from the past year alone.

Most of you have already heard about the notorious ransomware code known as Petya.


Petya has the capability to encrypt the whole of the user’s hard drive.

We have already mentioned the fact that there are many tools out there in the market that protect users against file encryptors.

While they do work most of the time, the problem is sometimes they are unable to catch ransomware attacks.

Case in point


Sophos Home Premium, however, has special protection for Petya type of ransomware attacks.

That is the reason why our research told us that Sophos Home Premium has no problem in fending off a Petya sample attack.

There is a special ransomware stimulator that everyone should know about.

It is called RanSim ransomware simulator.

RanSim simulator is developed by KnowBe4.

And what it does is that it simulates a total of to different kinds of ransomware attacks and techniques.

About two of those 10 ransomware attacks have two legitimate and genuine encryption activities.

Any ransomware protection tool worth its salt should have little problem in blocking the 10 types of ransomware of attacks.

While doing that, the ransomware tool should also not touch the two legitimate encryption modules.

We know of many ransomware protection tools whose behavior-based ransomware components tend to ignore the simulations.


Because as the name suggests, these are just simulations.

And not actually ransomware attacks.

Hence, there is little point in penalizing a given security product because it could not manage to catch simulations of ransomware attacks.

In other words, even if a security product scores a lowly score in this test, we usually give it some leeway.

Of course, that does not mean that ransomware protection tools that perform well on this test should not get their due applause.

They should.

And that’s what we do.

Sophos Home Premium manages to score good marks in this test.

Our research shows that it had the ability to prevent a total of 9 out 10 ransomware simulations.

Wait a minute.

Since there were only 8 ransomware simulations and 2 legitimate encryption programs, how did Sophos block 9 ransomware types?

Unfortunately, Sophos also prevented one of the two genuine encryption code modules.

But forget about simulations, let’s talk about real-world application.

The one thing people should know about real-world ransomware protection is that any security system that offers ransomware protection doesn’t really work on its own without any help.

Any give security product (a good one) has a real-time general protection layer that acts as the first line of online defense against ransomware attacks.

Our research shows that Sophos managed to successfully eliminate the overwhelming majority of all ransomware samples that researchers threw at it.

So if the general protection layer can protect against all ransomware attacks, how do you test the actual ransomware protection component?

It is very easy.

Just disable the antivirus product’s real-time protection.

That will force the product’s ransomware protection component to come out and stretch its muscles a little bit.

Our research shows that Sophos Home Premium ransomware protection component works just about as well as it can.

In other words, Sophos passes this test as well.

What About Exploit Protection


Sophos Home Premium comes with an Exploit Protection component as well.

The main page offers users an Exploits tab.

When you go to the tab it offers your four different panels.

These panels are as follows,

  • Preferences
  • Risk Reduction
  • Protected Applications
  • Exploit Mitigation

Let’s talk about the preferences panel first.

It basically refers to the user’s preferences that affect visual indicators which show the apps Sophos is protecting at any given moment in time.

This visual indicator feature is disabled if one does not mess with the default settings.

We’ll talk more about this feature in just a bit.

First, we would like to mention that the vast majority of Sophos users should just do themselves a favor and not think much about Risk Reduction and Exploit Mitigation options.

In other words, they should leave them alone and turned on.

Sophos tries to help users by turning these services on by default.

Risk Reduction, as well as Exploit Mitigation, come with their advanced settings.

A collection of them, rather.

The default settings dictate that Exploit Mitigation will protect the user’s web browsers along with,

  • Media players
  • Web browser plugins
  • Office applications
  • Java applications

Users are free to just go ahead and turn off any and all of these protections.

Of course, one would have to ask the user the question:

Why do so?

After Exploit Mitigation, Sophos offers users Risk Reduction.

What is it?

On the face of it, the term does indicate it is some arcane.

And that is why we tell users to leave its advanced settings alone.

Let’s try to understand what Risk Reduction does.

And how does it work?

You see, there are some particular types of malware code that try to prevent any sort of detection and security analysis via methods such as:

Not doing anything naughty.

The malware continues to refrain from harmful actions while it is running with the help of an, what the experts call, artificial sandbox environment.

The security product that we are reviewing right now, Sophos Home Premium, can guard against that as well.

It neuters such malware code by making the malware code think that it actually exists in an artificial sandbox environment.

Fileless malware uses a technique called process hollowing.

With the help of this technique, the malware code manages to replace the code that belongs to a genuine and legitimate process.

This is where a non-expert Sophos user would look at the options and then see the option of stopping malicious USB devices.

If the user turns on this option then Sophos Home Premium gains the ability to prevent any kind of sneak attacks where a hacker may use a thumb drive that is “evil”.


Hackers use evil thumb drives which are gimmicked to give off the impression (to the Windows operating system) that the evil USB drive is actually just a keyboard.

After that, the evil USB start to send the user’s PC random keystrokes in order to control it.

Readers should remember here that this option of stopping malicious USB driver is disabled by default.

So if a user feels like it, then there is no harm in enabling this option.

Back to the visual indicator feature.

Sophos Home Premium protects the user apps sufficiently well.

But to go one step further it also wants to let users know which apps it has protected.

It tries to do that with the help of visual indicators.

If users turn on this option via the Preferences tab, then Sophos Home Premium will start to show these visual indicators.

More concretely, this option will put a sort of glowing border right around each and every app that Sophos has protected.

It will also use more indicators in the bottom right corner of a given application’s window to let the user realize when some of Sophos’ features such as,

  • Safe Browsing
  • Keystroke Encryption
  • Exploit Mitigation

are actively protecting the user.

Some reviewers have also appreciated the fact that, Sophos Home Premium by default fades out the indicators and the bottom border after it a short period of time has passed.

What does Exploit Mitigation do?

It prevents cyber attacks which try to take advantage of various security holes in different applications that Sophos has already under its protection.

You don’t have to worry about any exploits once Sophos has gotten hold of one of your apps.

Readers should take care that Exploit Mitigation doesn’t help to analyze the user’s network traffic to look for exploit signatures.

This is something that Norton Antivirus Basic’s offering does.

And does so very well.

Of course, we don’t have to take any antivirus company on its word.

We have to test.

And the best way to test for security holes is to launch a standard exploit test.

What is the standard exploit test?

Well, in the standard exploit test, reviewers usually take the penetration tool from CORE Impact.

Then they use the tool to generate exploits.

They generate about 30 of them.

Then researchers throw them at the security product under evaluation.

Our research shows that Sophos Home Premium can block around 30 percent of these exploits.

When it blocked the, it also reported the fact with the message:

Malicious Content Detected.

Sophos Home Premium’s Exploit Mitigation feature can sometimes specifically identify malicious code as exploits.

Other times it can detect the code as Trojans.

But users should not worry.

If they have taken proper precautions and have patched their system fully, even the security exploits that Sophos does not catch, do not have many opportunities to cause harm to the user’s computer machine.

Sophos’ Exploit page has a lot of other tools on offer.

And most of them are very complex.

Users who do not have enough background to graph what these tools can and cannot do should just stay away and leave them on the side.

They will continue to do their work even without any user input.

Safe Browsing And Keystroke Encryption


If you go to the online console you will also see a Web tab.

What does this tab do?

Well, first of all, when the user clicks on the Web tab the online console will show the user two of its components.

Before we get into the details, users should know that these two components are also available for users who use Sophos Home free edition.

The two components are,

  • Download reputation
  • Web PRotection

There is also the Safe Online Banking feature.

But this is a premium feature which is only available to users who have subscribed to Sophos Home Premium.

The Safe Online Banking has itself two components.

It has the Keylogger Protection component.

And the Safe Browsing component.

The Safe Browsing component has the simple task of notifying the user in an event where hackers have compromised the user’s web browser.

This isn’t something that reviewers can test for that easily.

So the alternative is to just dive into the keylogger protection tool and test it instead.

The way most do this is first they turn off any and all protection of the security product under protection except for the feature called Safe Browsing.

Then, the next step is to install one of those free keyloggers on the test system.

After that, it is just a matter of typing a bit of text in Notepad.

Readers should note here that the Notepad typically isn’t an application that one tends to protect.

After typing on the Notepad for a bit, it is time to do the same but on a web browser.

Our research shows that Sophos Keystroke encryption will, in this case, jump into action and will display that same glowing border in the bottom right corner of the browser window.

It will also show those protection indicators.

But reading this review this far, you would expect that from Sophos.

Did it do something special?


It did.

Our research shows that if you do what we have described above and then use your web browser to type something then Sophos will display a nice stream of nothing but gibberish that it will then send to the installed keylogger on the test system and that too in real time.

This is an excellent piece of security tool.

Users should also know that if they go back and open up their free keylogger application, they are likely to see some text.

But that text would only account for what you wrote on your Notepad which Sophos doesn’t protect by default.

You will also see gibberish to account for all the text that you would have typed in your browser.

Now, a web browser is an application that Sophos protected by default.

G Data Antivirus has a pretty similar feature.

Our research shows that in the case of G Data, the keylogger receives nothing.

Not even a single line of text from the user’s web browser.

In any case, both times the keylogger failed to catch anything meaningful as the user typed something using the web browser.

All of that is great.

Readers should keep in mind that just like everything else, Keyloggers have also improved a lot from their beginning days.

They can now do just a touch more than just log keys.

There is one keylogger that can capture the contents of the user’s clipboard.

Some keyloggers have the ability to record the user’s online activity.

Then there are those that come with the ability to snap screenshots which show what the user has typed in his/her web browser.

Most of the time, if you have a good antivirus product such as Sophos Home Premium then its real-time protection essentially makes sure that keylogger dies a peaceful and quick death before it has the chance of logging and/or loading anything.

If for some reason, the antivirus product’s real-time protection fails to do that then based on the behavior-monitoring feature of Sophos, Sophos would have nailed the keylogger.

Protection For Webcam Spyware

Sophos_home_premium (2)

Webcam Protection is another one of Sophos Home Premium advanced features.

Now, as we have reviewed a lot of security products, we have to mention here that the Webcam Protection feature from Sophos is a bit different from (what most would expect) other spyware protection applications and/or tools.

This is just our experience.

Yours might be different.

A lot of top of the line antivirus products such as ESET, Kaspersky Anti-Virus along with Bitdefender allow genuine and legitimate applications to make use of the user’s webcam.

In other words, they don’t cause any interference in the normal course of things.

But, if they detect that an unknown program or application has tried to peek at the user’s activity, they quickly spring into action and pop up a notification or an alert.

Users usually counter this by marking their newly installed video-conferencing tool as a trusted application.

Once that is done, the antivirus product will not pop up any alerts.

If however, the user feels that the application should not require any webcam access then the user is free to just block the application’s access to the webcam.

Sophos has a much simpler webcam protection tool.

If at any time Sophos Home Premium detects that a process has accessed the user’s webcam, it immediately slides out a notification (which is transient in nature) about the application’s access to the webcam.

Sophos doesn’t have a blacklist of applications.

There is no whitelist either.

With that said, there is a chance that the user is busy somewhere else while Sophos slides that notification message.

If the user misses the notification then, for all purposes, the user misses the notification.

Moving on to the Sophos Home Premium for the Mac and you get an extra feature.

Or rather ability.

On the Mac platform, Sophos can actually block any and all unknown applications and programs for the user.

Sophos representatives will tell you that the company is bringing the new feature to the Windows platform very soon.

If and when it does arrive on the Windows operating system, it would indeed be a very useful addition to an already impressive lineup of extra Sophos features.

Conclusion: Sophos Home Premium offers excellent protection but only for the right kind of user

Sophos Home Premium is more than an average antivirus package.

The fact that the company has brought in so many features from its enterprise editions is a testimony to how strong Sophos Home Premium security really is.

These are some serious security features and components that we are talking about here.

All these enterprise packages mean that home users get to experience the best of what Sophos has to offer at a reduced price.

We should also give credit to the designers who have worked hard behind the scenes in making sure that Sophos looks good and keep everything simple.

Of course, you can’t have everything simple and straightforward.

But Sophos has tried.

Even with all that effort, there are still some esoteric features and functions that users will not understand.

For those features, they should probably contact someone who has the technical knowledge.

Functions which are difficult to understand may come with their own advantages if you know your tech.

If a user can grasp all the advanced security features then the user can leverage that knowledge to manage and maintain Sophos protection on a total of 10 Macs and/or PCs that may or may not belong to less tech-minded people (family and friends) around the user.

Our research shows that Sophos Home Premium scores good marks in many hands-on malware tests.

The only problem with its score is that it doesn’t have current results from some of the most respected independent testing labs that we like to follow.

If the right kind of user comes across Sophos Home Premium there is no doubt in our mind that Sophos can offer a great experience.

Overall it is more than just a good antivirus product choice.

Throughout this review, we have also listed some of the top antivirus products on the market today.

These top products are there for a reason.

And that reason is adaptability.

They provide top-notch protection for a wider audience.

And hence they have a broader appeal when compared to Sophos Home Premium.

Elite antivirus products such as Kaspersky Antivirus Plus and Bitdefender Antivirus Plus regularly notch up fantastic scores with independent labs all over the world.

They also happen to perform very well for the labs that we follow.

There are also other options such as McAfee AntiVirus Plus which is not as good as Bitdefender and/or Kaspersky in terms of statistics.

But the fact that it offers an unlimited number of licenses that work across all platforms for the price of just one subscription package is something that we cannot ignore.

How can we forget to mention Norton Antivirus Basic here?

It still has the best phishing protection and has maintained its winning position for a long time now.

As far as remedying high-level exploits go, Norton’s performance is unmatchable.

In the end, we would also like to mention Webroot SecureAnywhere.

This antivirus product packs quite a punch.

It comes with a powerful and unique behavior-based malware detection system.

Moreover, it has a really small installation package.

In other words, it is perfect for lightweight computer machines.

Zohair A. Zohair is currently a content crafter at Security Gladiators and has been involved in the technology industry for more than a decade. He is an engineer by training and, naturally, likes to help people solve their tech related problems. When he is not writing, he can usually be found practicing his free-kicks in the ground beside his house.

4 thoughts on “Sophos Home Premium Review 2023”

  1. Thank you Zohair for your detailed review of Sophos Home Premium; much appreciated. Two questions: 1) Which version did you test (PC or Mac)? — my understanding is that there are differences between the two. 2) Can you verify if this product has a quarantine function, or whether it simply deletes or cleans malware and PUPs automatically? Did you see it? (Months ago, beta testers complained that Sophos had not yet rolled out this feature. Thanks!

    • Thanks for the comment John,
      Our research was for the PC version.
      The Mac review will come soon as well.
      The PC version does have the quarantine function as mentioned in the review.
      Sophos gives users the option of either letting it delete everything or marking each found item off to delete/quarantine/do-nothing.

  2. Thanks Zohair, this is good to know. I do hope Sophos will follow through on its plans to submit its Home Premium to the independent AV testing services. Keep your comprehensive reviews coming–I appreciate your thoroughness!

Leave a Comment